Password Protecting ASP Pages for FrontPage

Password Protecting ASP Pages…

This method of password protecting your ASP pages is very simple and effective…

For this example, we wanted to build in flexibility. Flexibility to provide your login form on any page and also to create the session objects when new users create an account and then to direct them to the protected page they were requesting. With some minor modifications, you can extend this example in many ways.

We have created the following pages:

> logon.asp
> logonvalidation.asp
> protected.asp
> register.asp
> registerentry.asp

In addition, we have created a database with one table called “Customers” and a database connection in FrontPage called “store”. The Customers table contains two fields: username and password.

We are going to explain all the pages here and then let you view the example.


This page is a simple form that contains two text input fields: username and password. The form submits to logonvalidation.asp. Here is an example:

Username (set the form field name to username)
Password (set the form field name to password)
Set the form properties to “Send to other” and then click Options. In the Action box type logonvalidation.asp.

This form can be placed on any page in your web but you should have a page with only this form on it in case your user tries to go to a protected page without first logging in. The code in the protected page will send the user to the logon.asp page. Once logged in, the user will be sent to the originally requested page.


This page checks the user information against the database, creates the users session objects and then directs the logged in user to the originally requested page if there was one. In case there was not, we have provided a list of links to our protected pages they can click on (this will be the case if you provide a login form on your home page and the user simply logs in prior to trying to visit any of your protected pages).

Here is the code that does the work. Paste this into HTML view above the tag and before any other code:

<% 'First we create a connection object Set Conn = Server.CreateObject("ADODB.Connection") 'Next, we open the connection object by calling the connection string 'that FrontPage created and stored in the global.asa file when the "store" 'connection was created Conn.Open Application("store_ConnectionString") 'Then we create a record set object and a SQL statement Set RS = Conn.Execute ("SELECT * From Customers WHERE username = '" & Request.Form("username") & "' AND password = '" & Request.Form("password") & "'") 'Loop through the database to check for the users information Do until RS.EOF Pass = RS("Password") Name = RS("username") RS.MoveNext loop 'Close the recordset and database connection RS.Close Conn.Close 'If the password given is not in the database then we don't do anything. 'Otherwise, we create the session objects IF pass = "" Then Message = "The Password you entered is either wrong or not found in our database. Please press the BACK button and try again." Else Session("Password") = Pass Session("username") = Name 'Now we will check to see it there is a session object for an original URL. 'This would have been created (as you will see later) if the user first tried 'to visit a protected page. If so, we send them there. If not, we stay here. IF Session("Ori_URL") = "" Then 'do nothing Else Response.redirect(session("Ori_URL")) End IF End IF %>

Now, add your links for your password protected pages to this page. Remember, if the user first requested a password protected page, they will automatically be sent there and will never see this page.

In the above code, if the user does not enter a password, they will still see the list of links. In order to show them there was an error, we added a message in the above code after IF pass = . Now, add the following in to the body of your HTML to display the appropriate message:

<% IF Message = "" Then %>

You have been logged in as: <% Response.Write Session("username") %>

Please select a page to go to:

  > protected.asp

<% Else %>

<% Response.Write Message %>